Rkhunter reports
[04:21:27] Warning: Network TCP port 47018 is being used by /usr/bin/boinc.
Possible rootkit: Possible Universal Rootkit (URK) component
Use the 'lsof -i' or 'netstat -an' command to check this.
Using lsof -i I get this:
lsof -i | grep boinc
boinc 2766 msetzerii 7u IPv4 35501 0t0 TCP localhost:xqosd (LISTEN)
boinc 2766 msetzerii 10u IPv4 1331117 0t0 TCP setzconote.dyndns.org:47032->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
boinc 2766 msetzerii 14u IPv4 1331116 0t0 TCP setzconote.dyndns.org:47018->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
The address shows a router that doesn't forward this port
to machines behind it, so I don't think it would go
anywhere. So not sure if this is an issue, or if it would be
something with rkhunter or with the boinc einstein project.
(Also, saw an issue in report with /usr/libexec/gawk
linking to /usr/libexec/awk which is a directory with two
files. The gawk is new from earlier this month, the files in
awk date to 7/2021?)
Fedora 35.
# ls -l | grep awk
drwxr-xr-x. 2 root root 4096 Jun 6 16:36 awk
lrwxrwxrwx. 1 root root 3 Sep 18 01:19 gawk -> awk
# ls -l awk
total 32
-rwxr-xr-x. 1 root root 15944 Jul 22 2021 grcat
-rwxr-xr-x. 1 root root 15928 Jul 22 2021 pwcat
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor
(Retired)
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
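
Added example (not part of the original post, and not rkhunter or BOINC code): a small triage script that reads lsof -i output and reports whether a port flagged by rkhunter has a listening socket or is only the local source port of an outbound connection, as 47018 is in the output above. The names classify, parse, SAMPLE and EPHEMERAL are made up for this example, and the ephemeral range is assumed to be the Linux default.

```python
import re

# The lsof -i lines from the post, unwrapped to one socket per line.
SAMPLE = """\
boinc 2766 msetzerii 7u IPv4 35501 0t0 TCP localhost:xqosd (LISTEN)
boinc 2766 msetzerii 10u IPv4 1331117 0t0 TCP setzconote.dyndns.org:47032->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
boinc 2766 msetzerii 14u IPv4 1331116 0t0 TCP setzconote.dyndns.org:47018->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
"""

# Assumption: Linux default net.ipv4.ip_local_port_range, 32768-60999.
EPHEMERAL = range(32768, 61000)

# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME, where NAME is
# local[->remote] followed by (STATE).
LSOF_TCP = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<local>\S+?)(?:->(?P<remote>\S+))?\s+\((?P<state>\w+)\)$"
)


def parse(text):
    """Yield (local_port, remote, state) for each TCP line of lsof -i output."""
    for line in text.splitlines():
        m = LSOF_TCP.match(line.strip())
        if m:
            # rsplit keeps IPv6 literals such as [::1]:631 intact.
            yield m["local"].rsplit(":", 1)[1], m["remote"], m["state"]


def classify(text, flagged_port):
    """Return 'listener', 'outbound-source', 'connected' or 'absent'."""
    hits = [(r, s) for p, r, s in parse(text) if p == str(flagged_port)]
    if not hits:
        return "absent"
    if any(state == "LISTEN" for _, state in hits):
        return "listener"         # something accepts connections on this port
    if flagged_port in EPHEMERAL:
        return "outbound-source"  # kernel-assigned source port of a client connection
    return "connected"            # no listener seen, port outside the ephemeral range


if __name__ == "__main__":
    for port in (47018, 47032):
        print(port, classify(SAMPLE, port))
```

Feed it the output of lsof -nP -i run as root, so ports are numeric and sockets owned by other users are included; without that, a listener belonging to another process will not appear and the result only covers what lsof was allowed to see.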